Sushiswap, one of the most highly regarded platforms in DeFi, suffered an exploit on its MISO token launchpad yesterday. The hacker was able to withdraw around $3 million in ether.
Sushiswap is the DeFi platform that is most widespread across the layer one chains. These chains include Ethereum, Binance, Polygon, Fantom, Avalanche, and several others. It’s importance in the crypto DeFi ecosystem cannot be overestimated.
Therefore, it was quite a blow to the platform to suffer yesterday’s hack. CTO Joseph Delong tweeted out some details, which included that a “contractor” going by the Github name of “AristoK3” had planted malicious code into the Miso front end, in what was a supply chain attack.
A supply chain attack is where the attacker is able to change the contract address to one of their own. It appears that only one contract address, for an NFT auction, was exploited.
According to Delong, the attacker has approached other protocols under the guise of contract work. This included the blue chip DeFi protocol Yearn Finance, where the malicious actor carried out some work.
Delong said his team even suspects the actual identity of the attacker. The identity is given as “eratos1122”, a handle that links to a twitter account of a developer of blockchain mobile games.
With this knowledge, the team has approached both FTX and Binance exchanges in order to get KYC information. Delong tweeted that they had not been successful in attaining this “time sensitive” information.
The Sushiswap team has let it be known that if the funds are not returned by 12:00 UTC, then it will file a complaint with the FBI.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.